    [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR · 5ace159f
    jchaffraix@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=37781
    <rdar://problem/7905150>
    
    Reviewed by Alexey Proskuryakov.
    
    WebCore:
    
    Tests: http/tests/xmlhttprequest/access-control-preflight-credential-async.html
           http/tests/xmlhttprequest/access-control-preflight-credential-sync.html
    
    Rolling the patch in as I could not reproduce Qt results locally.
    
    * loader/DocumentThreadableLoader.cpp:
    (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Now we remove the
    credential from the request here to avoid forgetting to do so in the different code paths.
    (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Just add the
    "Origin" header.
    (WebCore::DocumentThreadableLoader::loadRequest): Check here that the credentials have
    been removed so that we don't leak them. Also tweaked a comment to make it clear that
    the URL check has issues when credentials are involved.
    
    LayoutTests:
    
    Test that doing a cross-origin request with a preflight check does
    not raise a NETWORK_ERR exception and does not send the credentials.
    
    * http/tests/xmlhttprequest/access-control-preflight-credential-async-expected.txt: Added.
    * http/tests/xmlhttprequest/access-control-preflight-credential-async.html: Added.
    * http/tests/xmlhttprequest/access-control-preflight-credential-sync-expected.txt: Added.
    * http/tests/xmlhttprequest/access-control-preflight-credential-sync.html: Added.
    * http/tests/xmlhttprequest/resources/basic-auth/access-control-auth-basic.php: Added.
    
    * platform/mac-tiger/Skipped:
    * platform/qt/Skipped:
    Added those 2 tests to the Skipped lists.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@58409 268f45cc-cd09-0410-ab3c-d52691b4dbfc
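
A simplified JavaScript model of the approach the commit message describes, added here as an illustration and not taken from the WebKit patch: URL-embedded credentials are stripped once in the constructor so both the simple and the preflight path inherit the fix, and the load step re-checks before anything is sent. The class, its method names and the `sent` array are hypothetical, and leaving same-origin URLs untouched is an assumption.

```javascript
// Model only: names are hypothetical, not WebKit's C++ API.
class CrossOriginLoader {
  constructor(requestUrl, documentOrigin) {
    this.documentOrigin = documentOrigin;
    this.sent = []; // stands in for the network layer
    const url = new URL(requestUrl);
    this.crossOrigin = url.origin !== documentOrigin;
    if (this.crossOrigin) {
      // Strip user:pass@ once, here, so no later code path can forget.
      url.username = "";
      url.password = "";
    }
    this.url = url;
  }

  // Simple cross-origin request: only the Origin header is added.
  makeSimpleRequest() {
    return this.loadRequest({
      method: "GET",
      headers: { Origin: this.documentOrigin },
    });
  }

  // Preflight path: shares the already-sanitized URL.
  makePreflightRequest(method) {
    return this.loadRequest({
      method: "OPTIONS",
      headers: {
        Origin: this.documentOrigin,
        "Access-Control-Request-Method": method,
      },
    });
  }

  // Last line of defence: refuse to send if credentials are still present.
  loadRequest(request) {
    if (this.crossOrigin && (this.url.username || this.url.password)) {
      throw new Error("cross-origin request still carries URL credentials");
    }
    const sent = { url: this.url.href, ...request };
    this.sent.push(sent);
    return sent;
  }
}
```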